Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Essentially, this pentester had an SQL injection but could not exploit it as all commas were replaced by some other character (breaking the query).
In order to extract data without the comma, some funky stuff had to be done. Character encodings are soooo weird!
The goal was to find a comma that would not be converted by the application but that the Oracle database would still interpret as a comma. After trying a couple of different comma-like characters, the full-width comma worked as expected.